Within the last 24 hours, Security Response has discovered a new attack which exploits a previously undocumented vulnerability in Microsoft Word. The malicious Microsoft Word document is emailed to the victim as an attachment, and upon being opened, it installs an embedded Trojan horse program we are calling Trojan.Mdropper.H.
The dropper Trojan then installs a backdoor, Backdoor.Ginwui, which binds a command shell to allow the attacker remote access to the victim machine and contacts a remote web server via HTTP. Both the source and the target of the attack were based in Asia. The Web site that Backdoor.Ginwui was contacting every minute via HTTP POST commands has been taken down, though the IP addresses were being juggled by the attacker.
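The behaviour described above gives defenders two network traits to hunt for in proxy logs: an HTTP POST to the same site roughly every minute, and destination IP addresses that keep changing. The following is an added example, not code from the original post; the log format, hostnames, addresses and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (assumed format, not from the original post):
# timestamp client method host destination_ip
SAMPLE_LOG = """\
2024-01-01T09:00:02 10.0.0.15 POST update.example.test 192.0.2.10
2024-01-01T09:01:01 10.0.0.15 POST update.example.test 192.0.2.10
2024-01-01T09:02:03 10.0.0.15 POST update.example.test 198.51.100.7
2024-01-01T09:03:02 10.0.0.15 POST update.example.test 198.51.100.7
2024-01-01T09:04:01 10.0.0.15 POST update.example.test 203.0.113.44
2024-01-01T09:00:30 10.0.0.22 POST forms.example.test 192.0.2.80
2024-01-01T09:07:12 10.0.0.22 POST forms.example.test 192.0.2.80
2024-01-01T09:08:05 10.0.0.22 POST forms.example.test 192.0.2.80
2024-01-01T09:31:40 10.0.0.22 POST forms.example.test 192.0.2.80
2024-01-01T09:45:00 10.0.0.22 POST forms.example.test 192.0.2.80
2024-01-01T09:00:10 10.0.0.15 GET news.example.test 192.0.2.99
"""


def find_post_beacons(log_text, period=60, tolerance=10, min_posts=5):
    """Return [(client, host, post_count, distinct_ips)] for periodic POSTs."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "POST":
            continue
        ts, client, _, host, ip = fields
        # Group by hostname, not IP, so rotating addresses stay in one series.
        posts[(client, host)].append((datetime.fromisoformat(ts), ip))
    hits = []
    for (client, host), events in sorted(posts.items()):
        if len(events) < min_posts:
            continue
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Beacon-like: mean gap near the period and very little jitter.
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits.append((client, host, len(events), len({ip for _, ip in events})))
    return hits


if __name__ == "__main__":
    print(find_post_beacons(SAMPLE_LOG))
```

A high distinct-IP count on a flagged pair is worth noting during triage, since a block placed on a single address would not have stopped the check-ins.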
Security Response has seen a number of attacks like this of late and it really serves to underscore the new threat landscape we’re dealing with today. Here are a few of the signs of the times illustrated by this latest attack.